[openssl-dev] [openssl.org #4674] Openssl 1.1.0 passwd bug & feature request
Richard Levitte via RT
rt at openssl.org
Tue Sep 13 22:32:37 UTC 2016
Issue 1 now resolved, fix pushed to master branch as well as
OpenSSL_1_1_0-stable.
Issue 2 remaining.
Cheers,
Richard
On Tue Sep 13 20:32:18 2016, levitte wrote:
> I can confirm issue one and raise you one: it's not just on Windows
>
> On it.
>
> Cheers,
> Richard
>
> On Tue Sep 13 17:23:48 2016, bkhowson at gmail.com wrote:
> > This may be two requests, one a bug and one a feature request.
> >
> > Issue 1: openssl 1.1.0 passwd on Windows 64 doesn't generate MD5 passwords
> > (-1 / -apr1), returns "<NULL>". I haven't tested other platforms. See
> > output below.
> >
> > Issue 2: openssl 1.1.0 passwd doesn't support newer password hashing
> > algorithms used by unix / linux platforms. This limitation may force
> > people to use weaker password storage than possible, for example if
> > generating crypts using openssl passwd to feed into usermod -p. Please add
> > support for password types 5 (SHA-256) and 6 (SHA-512).
> >
> > http://man7.org/linux/man-pages/man3/crypt.3.html
> >
> > ID | Method
> > ─────────────────────────────────────────────────────────
> > 1 | MD5
> > 2a | Blowfish (not in mainline glibc; added in some
> > | Linux distributions)
> > 5 | SHA-256 (since glibc 2.7)
> > 6 | SHA-512 (since glibc 2.7)
> >
> >
> > Issue 1: collateral:
> >
> > Working in OpenSSL 1.0.2.h:
> > D:\>openssl version
> > OpenSSL 1.0.2h 3 May 2016
> >
> > D:\>openssl passwd -apr1 password
> > $apr1$hU.5TC8J$BaYCimZriQeWKBSupbQuO.
> >
> > D:\>openssl passwd -1 password
> > $1$LxNTmc7h$FHDYsVvavnYy0KqB.2ZIx0
> >
> > Compiled Openssl 1.1.0:
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > OpenSSL 1.1.0 25 Aug 2016
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl version
> > OpenSSL 1.1.0 25 Aug 2016
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd password
> > UZ8kfkzdGoYTQ
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -1 password
> > <NULL>
> >
> > D:\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -apr1 password
> > <NULL>
> >
> > (To show that MD5 wasn't compiled out):
> >
> > D:\Download\OpenSSL\openssl-1.1.0\apps>.\openssl passwd -help
> > Usage: passwd [options]
> > Valid options are:
> > -help Display this summary
> > -in infile Pead passwords from file
> > -noverify Never verify when reading password from terminal
> > -quiet No warnings
> > -table Format output as table
> > -reverse Switch table columns
> > -salt val Use provided salt
> > -stdin Read passwords from stdin
> > -apr1 MD5-based password algorithm, Apache variant
> > -1 MD5-based password algorithm
> > -crypt Standard Unix password algorithm (default)
>
>
> --
> Richard Levitte
> levitte at openssl.org
--
Richard Levitte
levitte at openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4674
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list